CVE-2026-31516

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A race condition exists in the xfrm component where a 'XFRM MSG NEWSPDINFO' request can queue the policy hthresh.work work item onto the system workqueue. The callback function xfrm hash rebuild() retrieves the struct net using container of(). If the network namespace is torn down before the work item executes, xfrm hash rebuild() may dereference memory that has already been freed because xfrm policy fini() failed to synchronize policy hthresh.work during the teardown process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.